This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm a beginner to learning wireshark, so please go easy on me. How can I find out if my browser is running HTTP version 1.0 or 1.1? Also, how can I find out what version of HTTP the server running?

Is there a specific part of wireshark which displays this information every time?

Thanks

asked 30 Oct '12, 09:08

smc20's gravatar image

smc20
6335
accept rate: 0%


Sure. Capture while you browse the internet, and find any GET request your browser does (which means "hello, I want something"). If you have many packets that make it hard to see such requests you can find them by filtering on "http.request.method==GET".

In the packet list you'll see that the info column says "GET / HTTP/1.1" or "GET / HTTP/1.0".

permanent link

answered 30 Oct '12, 09:14

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 30 Oct '12, 09:15

thankyou Jasper that makes sense.

One more question if that's ok. I have a website and according to my cPanel it says:

Apache version 2.2.23 and Operating System linux

I captured packets and browsed to my website. The Hypertext Transfer Protocol in Wireshark picked up my website as:

Server: Apache\r\n

Is this correct? I assumed it would say Linux? Can you explain why it says Apache? Sorry if it's a silly Q.

Thanks again.

(30 Oct '12, 09:23) smc20

It says "Server: Apache" because that is what the HTTP Server application software is. You're looking at the HTTP protocol, so "Linux" would be the wrong answer, because Linux is not an HTTP server application :-)

So yes, that is correct. And it is not a silly Question... it is better to ask to improve knowledge than keeping wondering why things are like they are ;-)

(30 Oct '12, 09:42) Jasper ♦♦

I captured packets and browsed to my website. The Hypertext Transfer Protocol in Wireshark picked up my website as: Server: Apache.

Well that's what is probably configured for Apache. It does not necessarily report it's full version information. Sometimes the version information is done intentionally to keep away script kiddies with their automatic scan/attack tools.

If you set the following Apache config option, it will only report "Apache" in the Server header.

ServerTokens Prod

Regards
Kurt

(30 Oct '12, 10:02) Kurt Knochner ♦

thanks guys, very much appreciated.

(30 Oct '12, 10:13) smc20
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×52
×29

question asked: 30 Oct '12, 09:08

question was seen: 41,585 times

last updated: 30 Oct '12, 10:13

p​o​w​e​r​e​d by O​S​Q​A